Bewertung: 0 / 5
PHP Timeclock version 1.04 suffers from a remote SQL injection vulnerability.
Read more...PHP Timeclock version 1.04 suffers from multiple cross site scripting vulnerabilities.
Read more...This Metasploit module exploits an OS command injection vulnerability in includes/components/nxti/index.php that enables an authenticated user with admin privileges to achieve remote code execution as the apache user. Valid credentials for a Nagios XI admin user are required. This module[…]
Read more...Fast PHP Chat version 1.3 suffers from a remote SQL injection vulnerability.
Read more...This Metasploit module exploits CVE-2020-5791, an OS command injection vulnerability on Nagios XI versions 5.6.0 through 5.7.3 in admin/mibs.php that enables an authenticated user with admin privileges to achieve remote code execution as either the apache user or the www-data[…]
Read more...This Metasploit module exploits a command injection vulnerability in the /admin/monitoringplugins.php page of Nagios XI versions prior to 5.8.0 when uploading plugins. Successful exploitation allows an authenticated admin user to achieve remote code execution as the apache user by uploading[…]
Read more...This Metasploit module exploits a vulnerability in the getprofile.sh script of Nagios XI versions prior to 5.6.6 in order to upload a malicious check_ping plugin and thereby execute arbitrary commands. For Nagios XI 5.2.0 through 5.4.13, the commands are run[…]
Read more...ExpressionEngine versions 6.0.2 and below suffer from a Translate::save PHP code injection vulnerability.
Read more...ForkCMS versions prior to 5.8.3 suffer from a PHP object injection vulnerability.
Read more...QCubed versions 3.1.1 and below suffer from a PHP object injection vulnerability.
Read more...This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec() PHP function without appropriate input validation, allowing arbitrary command[…]
Read more...This Metasploit module takes advantages of Archive_Tar versions prior to 1.4.11 which fail to validate file stream wrappers contained within filenames to write an arbitrary file containing user controlled content to an arbitrary file on disk. Note that the file[…]
Read more...PHP-Fusion version 9.03.90 suffers from a cross site request forgery vulnerability.
Read more...WordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse[…]
Read more...This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.
Read more...Whitepaper called Practical PHP Security.
Read more...WordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote[…]
Read more...qdPM versions 9.1 and below suffer from an executeExport PHP object injection vulnerability.
Read more...Gentoo Linux Security Advisory 202012-16 - Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. Versions less than 8.0.0 are affected.
Read more...This Metasploit module exploits an unauthenticated command execution vulnerability in TerraMaster TOS version 4.2.06 leveraging include/makecvs.php.
Read more...This Metasploit module affects WordPress Yet Another Stars Rating plugin versions prior to 1.8.7 and demonstrates a PHP object injection vulnerability.
Read more...Online Bus Booking System Project using PHP MySQL version 1.0 suffers from a persistent cross site scripting vulnerability.
Read more...Student Management System PHP version 1.0 suffers from a persistent cross site scripting vulnerability.
Read more...Online Bus Booking System Project using PHP MySQL version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Read more...Online Voting System Project in PHP suffers from a persistent cross site scripting vulnerability.
Read more...
